Again: Xiaomi doesn't care about your privacy!

Data protection on the smartphone
Data protection on smartphones Image: Regio-Journal
It has happened again: The Chinese smartphone manufacturer Xiaomi is trampling on data protection for its customers. However, the outcry about the practices of the fourth largest smartphone manufacturer in the world is largely absent.

Xiaomi is considered a whiz in Germany: the Far Eastern manufacturer has been flooding the German market with inexpensive smartphones for about a year.

It should be mentioned that the quality offered is far above what the established counterparts from Huawei and Samsung have to offer: High-quality materials, good workmanship and powerful technology outperform the industry sizes in almost every category.

The devices usually cost significantly less than 500 euros - apart from the absolute flagship devices.

So where's the catch from? The company hit the headlines for the first time in 2014, as the "Redmi Note" smartphones sent photos, texts, emails and text messages from its users to Chinese servers as long as the device was on the WiFi. By the way: This could not be prevented and the user was not informed about it. Communication between the servers could not be prevented.

At that time, the manufacturer promised improvement and promptly offered a software update that could be used to prevent this data transfer. (Source)

It took another two years for the Chinese manufacturer to once again attract attention due to scandalous behavior: This time it was not just the "sending data home", but also a back door that enabled the company to use apps without the permission and knowledge of the user to install on the smartphone. (Source)

At this point it should be said that Google / Android, Apple and many other manufacturers have implemented similar functions. The difference, however, is that these data transfers are known, encrypted in-house, and can be deactivated directly without first "exerting public pressure".

Now it was again a bit and in the midst of the YouTube influencer-driven marketing offensive in 2019, the "Süddeutsche" examined the current device generation with data specialists.

Data octopuses Facebook, Google and Xiaomi

A “Xiaomi Redmi 6a” with Android 9 was used for this. Admittedly, a study that was not 100 percent representative showed that the device made more than 24 contacts to over 7300 different servers within 600 hours.

By far the largest data collectors were: Google (2355 contacts), Facebook (1991 contacts) and: Xiaomi: 898 contacts.

At first glance, you might think that the others are worse. But far from it: Many of the Xiaomi contacts were transmitted to the server in unencrypted form, for example the so-called advertising ID, with which user profiles can be created and targeted advertising can be played out. Or the information about which apps are currently installed, how often they are used and how long these apps have been active.

By the way, Xiaomi did not comment on the allegations of the SZ. (Source)

With the mass of Google accesses, it should not be forgotten that the entire smartphone architecture is based on Google's Android operating system, all apps, the app store, etc. This "basis" already generates numerous accesses - but this is encrypted.

The next scandal will follow in May

It did not take long now, because in mid-May two security specialists revealed that the Xiaomi devices continue to record user behavior and forward it to China.

This time, the surfing behavior is to be recorded by the browser, including the search engine entries and even in "incognito mode". As the magazine "Forbes" reports, other Xiaomi apps are said to be affected.

IT security specialist Gabriel Cirlig explained that with the "Redmi Note 8" model, every website visited is forwarded to a server hosted by the Chinese Amazon counterpart "Alibaba".

In addition, other actions would be sent to the manufacturer, such as which folders are opened, the swipe on the screen, the opening of apps and the music tracks played.

In a further analysis by the IT specialist Andrew Tierney, the problem was confirmed and expanded: The "Mi Browser Pro" and the "Mint Browser" should act similarly. According to Google statistics, both apps have been downloaded more than 15 million times. (Quelle)

Xiaomi disagrees - and then reacts

The manufacturer's first reaction: deny. The allegations are incorrect, privacy is important for the company.

Then Xiaomi reacted again and admitted the offenses, referred to a software update and that one would like to "further strengthen the control of users over the sharing of their data". (Source)

... as you can see, this has not worked so well since 2014.

Hence our Summary: Great technology at an excessively low price: At Xiaomi, this will obviously still affect data protection in 2020. If your personal data, images, videos and emails are sacred to you, you should consider whether you should not choose another manufacturer.

Picture sources:

  • Smartphone data protection: Regio-Journal

City selection